geneva, switzerland, 15-16 september 2014

Geneva, Switzerland, 15-16 September 2014

Challenges and Successes in the Zambian ICT Security Sector

Mainza Siamubayi Handongwe,Student Research Fellow,

Information and Communications University

Email: [email protected]

ITU Workshop on “ICT Security Standardizationfor Developing Countries”

(Geneva, Switzerland, 15-16 September 2014)


2

Introduction

Zambia has made so much progress in the ICT sectorOver the years, we have seen the following major developments;

Three mobile telecommunication companiesOnline services (e-commerce, e-learning, etc)Web hostingInternet Service Provision


3

Introduction cont'

This has lead to exposure to several information security risks including;

Website defacementDebit card stealing and cloningFinancial losses due to debit card cloningPhishingInternet bundle and mobile credit stealingDenial of ServiceWireless network hacking


4

Introduction cont'

This, in most cases, has adversely affected socio-economic activities especially where cyber security preparedness is lacking


5

Challenges

Zambia, like many developing countries, is faced with several challenges in the ICT sector These include;

Inadequate policies to curb cyber crimeInadequate qualified personnel to fight cyber crimeInadequate ICT infrastructure to prevent and investigate cyber crimeInadequate sensitization on cyber crime


6

Inadequate policies to curb cyber crime

Zambia had no specific legislation towards address cyber crime until 2004Computer Crime and Misuse Act number 13 of 2004 enacted following defacement of State House website in 1999Though it criminalizes some cyber crimes, the act still does not prohibit other major cyber crimes


7

Inadequate policies to curb cyber crime cont'

Offence Legislation Penalty

Unauthorised access Legislated Fifty thousand penalty units or 2-5yrs imprisonment or both

Unauthorised modifications

Legislated Fifty thousand penalty units or up to 3yrs imprisonment or both

Denial of Service Legislated Five thousand penalty units or up to 10 yrs imprisonment or both

Unsolicited e-mails (Spam)

Not fully legislated. Crime if causes damage to computer system

Unauthorised Interception

Legislated Two thousand penalty units or up to 5yrs imprisonment or both


8


Offence Legislation Penalty

Pornography Child pornography legislated, adult access to online pornography without downloading to hard drive not clearly legislated

Not less than 15yrs imprisonment or fine

Manufacture of hardware and software for furthering cybercrime

Not legislated

Computer-related Fraud Not specifically legislated

Computer-related Forgery

Not legislated.

e-Commerce Not legislated

Identity Theft Not legislated


9


Act imposes lighter sentences for crimes that would require hefty onesThe National ICT Policy of 2007 indicates government's commitment to promote safety in electronic frontier (Lupiya, 2009)


10


However, the policy does not give mandate to relevant government departments and private sector to combat some cyber crime


11

Inadequate qualified personnel to fight cyber crime

'According to an ICT industry skills survey, there were three hundred (300) people with graduate qualifications in ICTs in 2008'- S. HabeenzuLack of ICT Staff structure (rural areas)Most network and systems administrators lack cyber security skillsThis could be attributed to limited number of institutions offering cyber security training


12

Inadequate qualified personnel to fight cyber crime cont'

The cost of training and certification is also limitingThis makes networks/systems that are managed by such personnel vulnerable to attacksInvestigation of such incidences becomes difficult due to lack of computer forensic skills


13

ICT Staff Per Institution

Institution ICT StaffCyber Security Skilled

CBU 40 1

UNZA 25 3

NRDC 2 1

ZCA-Monze 1 0

ZCA-Mpika 0 0

ICU 5 3

Nkhrumah College 2 0

Rusangu Univeristy 4 0

Cooperative College 2 0

Evelyn Hone College 3 0


14

05

10152025303540

ICT Staff CyberSecuritySkilled

CBU

UNZA

NRDC

ZCA-Monze

ZCA-Mpika

ICU

Nkhrumah College

Rusangu Univeristy

Cooperative College

Evelyn Hone College

ICT staff per institution and those with cyber security skills

ICT Staff Per Institution


15

Inadequate ICT infrastructure to prevent and investigate cyber crime

Prevention and investigation of cyber crime requires specialized hardware and softwareThese include firewalls, intrusion detection systems, forensic software etcThese usually call for huge investments


16

Inadequate ICT infrastructure to prevent and investigate cyber crime

cont'

This tends to be the limiting factor for most government and private institutions


17

Inadequate sensitization on cyber crime

The fight against cyber crime would be fruitless without involvement of ICT end usersInformation sharing with citizens on cyber crime and counter measures was not done in the past, hence the ‘information gap'


18

Inadequate sensitization on cyber crime cont'

The Zambia Information Communication Technology Authority (ZICTA) is currently sensitizing citizens on online child protectionHowever, ZICTA's efforts are not adequate considering the the huge task to be undertaken


19

Successes-Govt and Private Sector

Establishment of the Zambia Information Communication Authority (ZICTA) to regulate ICT in ZambiaGovernment has set up the first ever Computer Forensic Laboratory based at the Zambia Police Headquarters

A number of police officers have been trained in Information Security and Computer ForensicsThe Zambian government has partnered with several local and international organizations (including ITU) in the fight against cyber crime

Conclusions and Recommendations

Formulate policies that will mandate relevant departments to prevent and investigate cyber crime, and prosecute perpetrators of such crimesInvest more in systems that prevent and help investigate cyber crimeEnsure that private institutions invest in systems that guarantee

security to users or clientsTrain and/or recruit more personnel in cyber securityEstablish Computer Incident Response Teams at all levels in govt structures and the private sector Sensitize citizens on cyber crime and counter measures, and encourage reporting of cyber crimes


20


21

Bibliography

HABEENZU S. (2010), Zambia ICT Sector Performance Review 2009/2010LUPIYA S. (2009), Cyber Crime and the Law in Zambia

geneva, switzerland, 15-16 september 2014

Documents